Top Stories of the Week: 11/2/24-11/8/24
With President-elect Donald Trump set to take office in January, learn what he has in store for cyber policy, along with new threats organizations need to watch for, newly proposed TSA regulations, and more.
TSA Issues Proposed Cyber Mandates for Pipelines, Rail, Airlines by Christian Vasquez
The TSA has issued proposed cybersecurity regulations to formalize and expand emergency mandates first introduced after the Colonial Pipeline ransomware attack in 2021. The new rules target around 300 operators across the pipeline, freight, passenger rail, transit, and aviation sectors. They would require operators to create cyber risk management programs and operational cybersecurity plans; add requirements for training, certification, and adherence to secure-by-design principles; and require operators to report incidents to the Cybersecurity and Infrastructure Security Agency (CISA). The public can submit feedback until February 5, 2025.
Trump Plans To Dismantle Biden AI Safeguards After Victory by Benj Edwards
President-elect Donald Trump reportedly plans to reverse Biden's AI Executive Order, which established the U.S. AI Safety Institute (AISI) and mandated reporting on AI security measures. Critics argue Biden’s policy stifles innovation. However, although the Trump administration may favor deregulation, his proposed trade tariffs, especially on Chinese imports, could disrupt AI tech supplies, his plans to restrict H-1B visas may limit talent for AI firms, and general AI safety oversight could take a hit. Additionally, Trump’s allies are reportedly considering a new AI-focused executive order to boost U.S. AI capabilities, particularly military AI, and reduce regulatory barriers. Meanwhile, states may enact their own AI regulations if federal oversight is reduced.
Microsoft SharePoint RCE Bug Exploited to Breach Corporate Network by Bill Toulas
The CVE-2024-38094 vulnerability in Microsoft SharePoint, a high-severity remote code execution flaw, is being actively exploited for unauthorized network access. Despite Microsoft's July 2024 patch, attackers have used this vulnerability to breach networks by planting a webshell on vulnerable servers, gaining domain-level control, and using tools like Huorong Antivirus to disable security defenses. The attacker leveraged this access for lateral movement, credential harvesting, and persistence using Mimikatz, Impacket, and scheduled tasks. They also attempted but failed to destroy third-party backups. Administrators are urged to apply the SharePoint update to prevent potential compromise.
FBI Says Hackers Are Sending Fraudulent Police Data Requests to Tech Giants To Steal People’s Private Information by Zack Whittaker
The FBI warns that cybercriminals are exploiting compromised law enforcement and government email accounts to issue fraudulent emergency data requests, which compel U.S. tech companies to release private user information like emails and phone numbers. This method circumvents typical legal processes by fabricating urgent threats to obtain sensitive data quickly. Hackers have successfully targeted multiple high-profile tech companies, leveraging the data for harassment and financial fraud. The FBI advises stronger cybersecurity measures for law enforcement and urges companies to critically assess emergency requests to prevent unauthorized data access.
Intelligence Community Briefed Congress on Chinese Telecom Intrusions by David DiMolfetta
The U.S. intelligence community recently briefed Congress on a large-scale Chinese cyber infiltration, known as "Salt Typhoon," into multiple U.S. telecommunications companies, compromising infrastructure linked to wiretap requests. The infiltration, potentially active for eight months, affected major firms like AT&T, Lumen, and Verizon, with data suggesting high-value intelligence was targeted. Some government agencies have restricted phone use in response, and the Cyber Safety Review Board is leading a full-scale investigation. Experts, including former NSA director Gen. Paul Nakasone, expressed concern over the breach’s scale, suggesting current CALEA standards governing telecom security may need reform.